An application programming interface (API) is often designed based on certain security assumptions. However, security assumptions may change over time. For example, an API designed for usage within a private network may later be deployed to provide services to public clients, or new compliance requirements governing data input or output by the API may arise. In such scenarios, rewriting the existing API to accommodate new security or compliance requirements may be costly and may cause disruption of existing usage of the API. Additionally, building field-level security considerations into applications in a non-centralized manner may lead to inconsistent solutions with difficult-to-assess levels of security. Additionally, field-level security tends to require specialized security skills that might not be readily available.
The background description provided herein is for the purpose of generally presenting the context of the disclosure. Unless otherwise indicated herein, the materials described in this section are not prior art to the claims in this application and are not admitted to be prior art, or suggestions of the prior art, by inclusion in this section.